The bring your own device (BYOD) initiative is no longer a “trend”. It has happened. Just look at any desk around you in your office and you will spot personal devices scattered among traditional work tools.

While the BYOD phenomenon has been associated with a younger generation coming into the workforce, disrupting existing workflows and tools deployed in an office environment, it actually isn’t. In fact, increasingly, it is the C-suite that is driving BYOD.

Picture the situation: a young recent starter asks the IT department to allow him to connect his Android smartphone to the Virtual Private Network and for his work e-mails to be accessible via his device. The natural response from the IT department is to decline the request and point him towards company-mandated devices such as a BlackBerry. Now imagine the CEO of the same company receiving an iPad as a gift and demanding it be connected to corporate e-mails and board-level presentations made available via the device for him to review while on the go. IT cannot ignore this request.

Where the chief information officer thought he had the backing of the CEO when it came to controlling the younger workforce with their disruptive ideas, bringing their own personal devices into work and demanding intuitive next-generation tools, he is, in fact, getting the pressure from both ends of the spectrum.

The IT department still owns data quality, availability and security. And its head is responsible for managing these and reducing security threats. Which is why chiefs need to evolve as quickly as the technology industry does, working closely with the next “millennial” generation of workers to manage the transition, rather than control it.

There are multiple benefits in evolving working technology tools and practices, but the chief information officer, for good reasons, tends to let the disadvantages outweigh the benefits. The main concern is obviously security. But if even the CEO is demanding his latest gadget be connected, then the chief information officer needs to find a solution.

One obvious aspect is rolling out security across all devices — but this soon proves tricky to implement. Having browser-based tools that are agnostic and ubiquitous reduces the security headache, while enabling the CEO to use his tablet for work-based activity. All information is stored in-memory, so is kept off the device when not connected, minimising the security risk.

The benefits are numerous, whether driving productivity, as employees are more inclined to use their personally tailored devices and preferred tools to increase output; lowering overall costs for companies, as they don’t have to invest in company-mandated devices; or even making the company more appealing to new recruits.

So, while the CEO may not have the wider benefits front of mind when he turns up to work and hands his new iPad to the chief information officer, he is, in fact, helping transform the organisation’s IT practice and policies. Otherwise, it will be one rule for senior management, and another for the rest of the company. And, in our converging, connected world where structures are fluid and constantly evolving, we need to ensure our organisations are equally as flexible to accommodate this change.

Before allowing employees to use their own smartphones and tablets, organizations should have a clear understanding of BYOD pros and cons and their potential long-term effects.

The bring your own device (BYOD) movement has taken the enterprise by storm, and it’s not likely to subside anytime soon. Organizations large and small have been steadily embracing BYOD, citing cost savings and increased productivity as their primary motives. Yet additional support and management costs, as well as risks to sensitive data, can easily outweigh such benefits.

BYOD Pros

Users have grown accustomed to — and indeed expect — the ease, efficiency and mobility their smartphones and tablets offer. So enamored are they with their devices, they’ve begun bringing them into the workplace and using them to do their jobs. The BYOD trendcan make it easier for workers to accomplish their tasks, thanks to simple-to-use mobile applications that allow employees to access and share data more smoothly. Users can work just about anywhere at any time without having to save files to flash drives or email documents from one account to another.

Users can also update smartphones and tablet software more easily than traditional corporate technology, which means their devices tend to stay more current and cutting-edge. Workers are also more invested in their own devices and can customize them to meet their own needs. And the flexibility BYOD offers makes employees more likely to put in more hours each week, regardless of where they’re located or the time of day.

Yet BYOD can mean more than increased productivity. Employees who use their own devices for work might save their employers money, at least in some areas. The most obvious savings, of course, are with the devices themselves. Organizations that would normally provide devices to their mobile workers no longer need to, and the workers themselves require fewer training resources. BYOD can even minimize application outlay if workers take advantage of the many consumer apps available to do their jobs, such as Evernote and Dropbox. Workers often pay for most or all the data and voice services, as well as other associated expenses. As a result, the enterprise avoids spending money on devices their workers don’t want in the first place, and workers are more likely to take better care of the devices, which can reduce support costs and improve security.

BYOD Cons

Despite the advantages that BYOD programs offer, implementing one should not be taken lightly. Take, for example, the assumption that BYOD will result in cost savings. Although true in some areas, the enterprise must often commit resources in other ways. Line-of-business applications must be adapted for different devices, increasing support costs and making centralized app management necessary. For this reason, many organizations dole out funds for mobile management tools to control personal devices and their applications.

Companies will also need to develop the strategies and policies necessary to implement aBYOD program and enforce those policies once the program has been put in place. In addition, organizations must invest in educating employees on the risks and responsibilities associated with using their devices in the workplace.

IT can expect increased support costs associated with helping employees comply with BYOD policies. Developers will call on admins to help plan and implement apps on the various devices, and admins will have to simultaneously ensure that the implementations don’t put corporate resources at risks. IT must also be prepared for the additional strain on the corporate infrastructure from personal devices connecting to their internal systems.

Yet even more important than the costs incurred by a BYOD program are the security risksof letting workers store sensitive data on their own devices. What happens if a device is lost, stolen or infected with malware? A company has less control over the devices it doesn’t own, making it easier for sensitive data to be compromised. Company-issued devices usually come with an acceptable-use policy, but it’s a lot more difficult for IT to tell workers what is acceptable on their own smartphones and tablets. Plus, when an employee leaves the company, his device leaves too, and the organization might be unable to reclaim sensitive data.

At the same time, IT must contend with workers’ privacy concerns about employer access to personal contacts, messages, emails, installed apps and other data. IT should be able to protect the organization’s sensitive data while preserving workers’ rights to privacy, which is not always an easy balance to maintain.

An organization planning a BYOD program must also take into account any compliance mandates that govern information security and safeguard specific data. Even if workers use their own devices, the organization must still ensure that the data is protected as required by regulation and law. The enterprise must also understand the liability it faces if sensitive data is compromised, whether or not the storage or transmission of that information is governed regulations. Planning a BYOD strategy should no doubt include seeking out legal advice, not only for understanding liability issues, but privacy as well.

Moving ahead with BYOD

Implementing a program requires careful consideration of BYOD pros and cons. But the tide is tough to turn back, and many organizations are accepting the trend as a fait accompli. Before an organization implements a BYOD program, it should have in place a set of policies that fully explain acceptable use of personal devices in the workplace. The policies should address such issues as securing data, application usage, protecting privacy, compliance and what happens when an employee loses a device or leaves the company. Each employee who participates in the program must fully understand and agree to those policies.

A big part of planning a BYOD program should be determining how enterprise apps will be delivered and maintained. Fortunately, mobile application management tools are maturing quickly, making it possible to more easily separate enterprise apps and data from personal information. Some organizations are moving to an app-only management strategy in which the focus is on enterprise apps and how sensitive data is stored and shared on devices, eliminating the need to manage devices themselves. Some organizations have implemented virtual environments or virtual private networks to avoid any sensitive data being stored on workers’ devices. Whatever strategy the organization employs, it should be implemented in conjunction with the BYOD program and its policies, not thrown in as an afterthought.

The success of a program will depend in large part on how well the organization understands the BYOD pros and cons and what it will take to mitigate risks. IT should know how workers will be using their personal devices to conduct business and have the ability to ensure data cannot be easily compromised. In the end, a well-defined program and well-educated workforce are the best strategies for ensuring a successful BYOD program.

You’re running late so you text a heads-up to the person you’re meeting. Your project team texts constantly and keeps the instant messaging system chiming with exchanges. It’s only natural that doctors and medical staff want the same convenience and immediacy to coordinate patient care. The issue? Risk to privacy and security of patient personal health information (PHI).

As covered entities, hospitals are under scrutiny to assure compliance with HIPAA and HITECH Rule requirements. Yet the tried-and true pager is antiquated and non-conducive to optimal workflow in a busy hospital, and the inevitability of mobile device use is apparent to all. Health and Human Services (HHS) has recently rolled out a mobile education initiative to help physicians and healthcare organizations reduce risk and protect patient PHI when using mobile devices.

The potential for more efficient workflow and the need to reduce the pager response bottleneck are what led Torrance Memorial Medical Center to TigerText, a fully encrypted, SaaS platform for secure text messaging. Torrance Memorial is using the application among physicians and case managers in Torrance Memorial Hospitalist Associates (TMHA), which handles close to 50% of all the patients in the hospital and treats up to 140 patients per day. Dr. Alexander Shen, the TMHA Medical Director, elaborates on a primary reason behind the switch to secure text messaging, “The triage of importance when a physician receives up to six pages at a time becomes not just a day-to-day problem, but also an hour-to-hour one. With a pager system, there’s no way to tell what is a true emergency and what could wait a couple of hours. We’d decided that if TigerText could work for our hospitalist group, it could work house-wide.”

People use mobile devices every day for every facet of their lives. But as Brad Brooks, CEO of TigerText, says, “You have nurses, doctors, caregivers all naturally gravitating towards text messaging via their mobile for daily communicationin their workflow. All the content lives on their phones, which creates all types of risks for PHI exposure. So we address HIPAA compliance and recipient authentication, two key concerns for the healthcare industry.”

Communication ease is facilitated through integration of the organization’s active directory into the application, so users don’t have to know the mobile number of the person they’re contacting – it can only go to the intended recipient. Because it’s internal (intranetwork), the exchange happens at a speed similar to instant messaging. Delivery and “read” confirmations let the sender know what happened and when, providing reassurance and reducing disruption. Brooks says, “Our aim is to help create efficiency in their workflow and improve physicians’ ability to respond quickly, with priority channels, while also reducing risk of unintended PHI disclosure. The platform is as simple to use as a regular text message, yet the message stays encrypted during transit and at rest.” An organization can also set a limited lifespan for messages, which means they are wiped from a mobile device after a specific period of time. The message remains within the organization’s server for records and historical purposes.

According to Shen, TigerText came out ahead of other vendors because their interface has proven friendlier, plus, “We talked to larger vendors, but none of them offered a pilotstyle program that would let us get proof of concept down before adopting it house-wide. We’ve been able to roll it out within our hospitalist group, then to the nurses and now are going house-wide.”

TMHA has also been able to streamline, and will eventually eliminate the “tether” effect of multiple communication devices (pagers, landlines, answering services) and reduce to one device. TigerText has worked with them toward complete elimination of the pager device by implementing a pager-type application feature that forwards directly to the texting application on the mobile device.

A voicemail transcription feature sends voice messages as a text, with an audio file attachment. There are multiple options and modes for sending a message, whether dialing a number or sending from another secure device. The non-intrusive nature of the application has proven popular with doctors. As Shen says, “Because we’re not playing phone tag, we are more accessible to the patients who are in front of us, yet can be truly responsive to inquiries from other doctors and medical staff while easily prioritizing care needs.” Traditional modes of contact are all covered with one secure SaaS. “We gain workforce efficiency and secure messaging, all without our doctors, nurses and other medical staff learning a completely new system or communication method.”

Good news: Bring Your Own Device trends have become less strange and more accepted as organizations continue to aggressively onboard mobile infrastructure.

Bad news: BYOD is just as complex and confusing as ever, complicated by more devices and various levels of security, user policies and types of workers.

While gaining traction in just about every market segment, BYOD continues to complicate not only security, but how organizations manage bandwidth consumption and fix and address performance issues.

However, that sustained complication will no doubt open up ongoing channel service opportunities around security, management, compliance and optimization for the long-term. That said, solution providers can always use a bit of a boost. With that in mind, a recent report issued by WAN optimization firm Exinda illustrated some of the ways solutions providers can control the impact of BYOD on their customers’ networks.

• The first step is segmenting users and monitoring access devices. These days, it’s not uncommon for users to juggle multiple devices – smartphone, tablets, laptops, eReaders — that are all consuming corporate network resources. And when combined, they all result in an unknown, but likely burdensome, impact on the network. Solution providers should then refocus tracking of user activity and leverage online tools integrated with the corporate directory to open up network visibility based on each user. It’s a move that, in turn, will streamline channel BYOD management efforts by automatically incorporating every device leveraged by individual users.
• Meanwhile, solution providers need to be building out a BYOA policy that aligns specifically to BYOD needs. While many organizations have some kind of device policy in place, few have implemented well-constructed application policies that determine user productivity and social applications that can be safely used on the network. Or be supported by IT for that matter. The service opportunity for solution providers them becomes the ability to assess and determine which personal applications should be supported, which should be controlled, and which should be prohibited altogether.
• If you can’t see it, you can’t manage it. Part of getting a handle on BYOD is getting a handle on BYOD expenses. And to that end, solution providers should typicallypublish a detailed BYOD expense policy. It’s a step – and likely the only step — that will enable organizations to build an effective cost model that transcends device support costs to include necessary elements such as application, management and usage costs.
• While many BYOD policies look good on paper, users won’t truly know their effectiveness, and ultimately value, until that policy is put to the test. As such, the most strategic BYOD plan could feasibly be rendered moot if glaring errors cause mobile infrastructure to slow resources, tap bandwidth or lack integration with the rest of the corporate network. As such, solution providers will need to regularly perform BYOD network readiness assessments to identify and address weaknesses and areas of improvement. Regular testing will not only determine where the vulnerabilities are located, but what areas of expertise the channel will be required to fulfill for their customers.
• Finally, solution providers will be required to remodel the application SLAs for BYOD. Above all else, the network’s ability to deliver a reliable and predictable user experience for all critical applications and devices will be predicated on the strength of the network application SLA. That will require intensive scrutiny on the part of the channel to ensure that the service levels meets the customers’ requirements. While entailing a little more work up front, the benefits will pay off for the solution provider, and their customers, in the long run.

You need to ask questions like:

• Who do we want to use the network?
• Do we want to control access to data or the network based on job function?
• Do we have enough network resources for the additional load?

Blunder # 2 – No BYOD policy

http://www.hipaatext.com/wp-content/uploads/2013/03/BYOD-Policy-20130213.pdf

Blunder # 3 – Give access to all data

BYOD seems like a big problem, but real productivity gains can be had if BYOD is implemented correctly. Take it in small steps and remember to focus on data and the user. BYOD is the future of IT, but it will take time and effort to implement it correctly.

Blunder # 5 – Lost devices

“Mobility is a top-five priority for 42 percent of CIOs, and will generate significant sources of new revenue, according to 79 percent of CIOs in “The Accenture CIO Mobility Survey 2013.”

To achieve that goal, most CIOs will invest 31-to-40 percent of discretionary budgets, compared with only 19 percent last year. Anecdotal data from the CIO interviews suggests many approach new IT projects with a “mobile first” thinking, Accenture said.

The insurance industry respondents cited location-based services (48 percent) as most important on their list of needs. Overall, 43 percent said improving field and customer service with instant data access, capture and processing; 36 percent said engaging customers via mobile devices; conducting transactions on mobile devices, 34 percent; and 29 percent said they plan to design, develop and/or distribute connected devices to support B2B applications.

“It’s encouraging that companies are embracing the importance of mobility but they need to go further by identifying the top areas for mobile deployment,” said Jin Lee, senior managing director, Accenture Mobility. “In particular they should look at areas that will grow, such as connected devices, and conduct a ‘gap analysis’ to determine how to catch up, or even better, get ahead of the curve. Other critical considerations include investments, budget allocation, re-training staff, hiring mobile expertise, and leveraging external experts to help develop or implement mobility strategies.”

Mobility would significantly improve customer interactions, 84 percent of those surveyed said, and 83 percent said the technology would significantly affect their business.

Forty-six percent said they plan to change workflows to better incorporate mobility into the business, and 73 percent said mobility will affect their business as much or more than “the web revolution of the late 90s,” Accenture said. Last year, 67 percent of respondents felt that way in a similar survey Accenture conducted.

Half said they would identify prioritized mobility initiatives over the next year, an increase from 41 percent last year, and 85 percent said their mobile strategies must support smartphones; 78 percent said tablets. Mobile device management (27 percent), collaboration (25 percent) and knowledge sharing (23 percent) were the three most important features of a mobile strategy, Accenture said.

The uptake of mobile technology is accelerating to the extent that companies are taking action before they have well-defined strategies, Accenture said, as 58 percent claimed a “moderately developed formal mobile strategy;” and 23 percent claimed “an extensively-developed formal mobile strategy, a decline from 31 percent last year.

Other highlights:

• 59 percent provide only limited support to their employees; 28 percent offer full support
• 52 percent said they would retrain existing staff to enable their mobile strategies
• 37 percent will hire full-time mobile expertise into their organization, indicating a high demand in the market for mobility talent.
• 76 percent of projects are being staffed internally, compared with 63 percent in 2012
• 49 percent of respondents’ mobile applications relied on both native and web apps
• 45 percent said security is still a significant concern
• 41 percent said budget is still a concern
• 31 percent said a lack of interoperability with legacy systems is still the main barrier affecting mobile priorities

“CIOs must find ways to support the myriad of mobile devices entering the work environment,” Lee said. “They should also address the need to focus intensely on people and expertise. Almost twice as many companies — 40 percent in 2013, versus 27 percent in 2012 — plan to leverage external experts to develop and refine their strategy, indicating that mobile usage is growing faster than the market can provide in terms of skilled and available talent.”

Your BYOD security policy should include specific measures to mitigate business data risks. Start with basic steps:

• Encrypt business data stored on personal devices with strong encryption. Full device encryption is best, but if that isn’t feasible, all business data should be stored in encrypted folders on the device.
• Routinely update hardware and apps to the latest versions to mitigate the risk of someone exploiting a known vulnerability.
• Make sure that devices are registered before they connect to the company network. This allows network administrators to detect unauthorized devices on the network.
• Authenticate devices using Secure Sockets Layer certificates before they are allowed to access network resources.

Consider whether your business needs additional controls from its BYOD security policy. IT might need the ability to remotely wipe a personal device if it’s lost or stolen, for example. If that’s the case, the employee should authorize this measure during the device registration process. Some mobile device management (MDM) systems provide sandboxes for corporate data that can be remotely wiped without erasing the device’s personal contents.

If you don’t want employees to inadvertently agree to share corporate data downloaded to their endpoint devices, consider an MDM system that supports app blacklisting.

The levels of access granted to users should be based on their roles and responsibilities in the organization. IT can partly enforce access control policies with information from a centralized directory, such as Active Directory. Many organizations already use such directories for access control, and some MDM applications can use them as well.

Keep in mind government regulations, licensing requirements and industry standards that apply to your business. Health care providers, for example, must comply with the Health Insurance Portability and Accountability Act, which requires measures to protect patient data. Encrypting sensitive data at rest and data in motion is essential.

Financial services industries must protect confidential customer information under the Gramm-Leach-Bliley Act, but they and other public companies are also required to protect the integrity of financial reporting data under the Sarbanes-Oxley Act. Be sure to consider access controls — using both device-based methods and network services — to comply with data protection requirements. Technical controls are only part of BYOD security best practices. Enterprises should train employees in security awareness.

For average users, security training doesn’t have to be an in-depth technical endeavor. The goal is to educate them about the ways attackers use technical and social engineering techniques to undermine security measures.

In addition, security awareness training should include best practices for working with sensitive information on personal devices. This training can include advising employees to take these measures:

• Report lost or stolen devices that have been used to access the business network.
• Minimize the use of personal email accounts to transmit business information.
• Keep device operating systems up to date.
• Consider the access rights given to applications. This is especially relevant for free apps. Ask how the app developers fund the development of their products. You might be agreeing to share substantial amounts of personal and possibly corporate data.

In addition to protecting personal devices and any sensitive data stored on them, a BYOD security policy should also address data in motion.

ORLANDO — As workers meld their personal and professional lives, the modern enterprise becomes awash in user-owned smartphones, tablets and laptops. It’s a trend that has concerned business managers and IT pros alike.

At Gartner ITxpo in Orlando this week, Nick Jones, vice president and distinguished analyst at Gartner, outlined the essential elements of a bring your own device (BYOD) program. While IT can no longer exercise draconian control over every user-owned device, it’s important for each business to consider its BYOD program carefully and update it to keep pace with the rapid changes taking place in the mobility arena. BYOD programs have evolved to encompass a huge scope of issues including the following:

Scope and eligibility. Not every employee may need access to the company network, and companies routinely limit the scope of their BYOD program to eligible employees. IT and business teams must define the eligibility of mobile employees and decide who may and may not use mobile devices for work purposes.

Acceptable platforms. The ideal goal of mobility may be to allow worker productivity with any “smart” device, but this doesn’t mean that every device should be allowed on the corporate network. Spend time identifying which mobile platforms should be allowed and make those decisions clear to the user base well in advance. This list of acceptable platforms will likely be updated on a frequent basis.

Tools and technologies. The foundation of a BYOD program includes deciding just which devices the company can and will support, and implementing the tools and technologies needed to enable that access. For example, devices may need new Wi-Fi access, which may demand proper access point coverage across the business campus.

Support levels. A proliferation of end-user devices poses a support nightmare for IT staff, and there are limits to the amount of practical support the business can provide. A BYOD program must define the support options and processes that users must follow when working with the corporate network.

Ownership and reimbursement policies. It is standard practice for businesses to provide some type of reimbursement to employees that purchase and use their own endpoint devices for work. Generally, organizations cannot force users to buy or use certain devices, but preferred platforms can be encouraged. For example, some organizations tie reimbursement to “preferred” devices, which the organization may be better-positioned to support.

Security and privacy needs. Security issues remain the bane of corporate mobility. No organization wants an employee with a malware-infested tablet compromised to wind up behind the corporate firewall with access to sensitive business data. Implement security measures that provide control over user devices — such as wiping compromised devices — while still respecting the users’ privacy where possible.

User access to corporate assets and applications. It’s almost certain that different users will have different levels of access to corporate data and varied applications from the enterprise app store. Evaluate, plan and implement the policies and tools needed to ensure proper access for local and remote users.

Policies and enforcement. Beyond access, corporations also need to address acceptable use policies, verify that users understand and agree to those policies, and implement the tools needed to identify and react to any breaches in those acceptable use policies. Tools can help to track behaviors and differentiate between occasional, accidental breaches and repeated, malicious breaches.

Ultimately, the cost of a BYOD program is justified by increases in worker productivity and end-user engagement. “For most organizations, BYOD isn’t about saving money but empowering employees,” Jones said.

January 29 2013, InfoWorld Tech Watch (Featured on InfoWorld Tech Watch)

IT admins have been understandably resistant to BYOD[1]. After all, granting user-owned gadgets access to sensitive data and critical applications poses not only a security threat [2], it also creates compatibility challenges and tech-support headaches. However, embracing BYOD may very well be worth the trouble: Organizations that support consumer tech are more profitable and more nimble, according to a new survey from software and consulting company Avanade .

According to the company’s survey of C-level execs, business-unit leaders, and IT decision makers from around the globe, organizations that have adopted consumer tech were 73 percent more likely to report improved sales and new customer acquisitions than BYOD holdouts. Fifty-eight percent reported a greater ability to bring new products and services to market, and 54 percent said their companies were more likely to report increased profits.

What’s more, the survey found that companies were enjoying intangible benefits from embracing consumer tech, including happier workers: Those organizations are 37 percent more likely to report improved employee satisfaction, according to the report, as well as “a greater emphasis on creativity and greater ability to solve problems.”

As to how employees are using their consumer devices for work, 54 percent of respondents said most of their employees use smartphones for basic work tasks such as checking email, reading online documents, and managing schedules. Forty-two percent said most of their employees use smartphones for advanced purposes such as CRM, project management, content creation, and data analysis. Meanwhile, 33 percent said that the majority of their employees use tablets for basic work tasks, the same percentage who said most employees use tablets for advanced purposes.

Although companies are reporting benefits of incorporating smartphones and tablets, they are still playing catch-up with the technology. About 70 percent said they had changed at least one business process in support of emerging mobile tech, such as in IT management, sales and marketing, HR, or customer service. But only 20 percent reported changing four or more business processes. Considering the potential disruption of smartphones and tablets, that number should arguably be higher.

Part of the problem, says Avanade, is there remains some disagreement in organizations as to who is responsible for devising new processes in support of BYOD. “Major business change involves many functions and departments, but Avanade’s research shows that more than half of respondents (56 percent) believe that IT departments are now responsible for managing elements of the company not traditionally in the job description of IT, such as improving business processes and collaboration across the business,” according to the report.

Additionally, 51 percent of respondents said that IT should play a role in creating and supporting consumer tech for business purposes; 28 percent said it was up to HR.

The report also pointed to a noteworthy disconnect between C-level execs’ BYOD bullishness and that of employees lower on the corporate totem pole: Seventy-one percent of C-level execs said they believed the rest of their organization could accomplish work tasks outside the office walls, versus 32 percent than the rate of IT staff and business unit leaders who reported the same.

The report said that 61 percent of organizations reported that most of their employees now use personal computing devices in the workplace, and 35 percent of respondents deemed “training for all employees” to better support consumer technologies in the workplace as the top investment priority for 2013 in the next 12 months.